Aggregator
GITEX GLOBAL 2025
6 days 10 hours hence
CVE-2025-61882
55 minutes 59 seconds ago
Currently trending CVE - Hype Score: 70 - Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to ...
CVE-2025-39946
55 minutes 59 seconds ago
Currently trending CVE - Hype Score: 15 - In the Linux kernel, the following vulnerability has been resolved:
tls: make sure to abort the stream if headers are bogus
Normally we wait for the socket to buffer up the whole record
before we service it. If the socket has a tiny buffer, however,
we read out the data ...
CVE-2025-59489
55 minutes 59 seconds ago
Currently trending CVE - Hype Score: 5 - Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an ...
CVE-2025-41244
55 minutes 59 seconds ago
Currently trending CVE - Hype Score: 1 - VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this ...
CVE-2025-20362
55 minutes 59 seconds ago
Currently trending CVE - Hype Score: 25 - A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access ...
CVE-2025-20333
55 minutes 59 seconds ago
Currently trending CVE - Hype Score: 25 - A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability ...
CVE-2025-10035
55 minutes 59 seconds ago
Currently trending CVE - Hype Score: 29 - A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.
CVE-2025-25257
55 minutes 59 seconds ago
Currently trending CVE - Hype Score: 14 - An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized ...
CVE-2025-6554
55 minutes 59 seconds ago
Currently trending CVE - Hype Score: 1 - Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2025-32463
55 minutes 59 seconds ago
Currently trending CVE - Hype Score: 41 - Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
The original domain has changed and will be fully retired in 2024; please visit https://govuln.com/news/ for the new RSS feed
1 hour 10 minutes ago
CVE-2025-61882 | Oracle Concurrent Processing up to 12.2.14 BI Publisher Integration improper authentication (EUVD-2025-32443)
1 hour 38 minutes ago
A vulnerability was found in Oracle Concurrent Processing up to 12.2.14. It has been rated as critical. This vulnerability affects unknown code of the component BI Publisher Integration. This manipulation causes improper authentication.
This vulnerability is tracked as CVE-2025-61882. The attack can be carried out remotely. Moreover, an exploit is present.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-10035 | Fortra GoAnywhere MFT up to 7.8.3 License Servlet command injection (EUVD-2025-30225 / Nessus ID 265438)
1 hour 38 minutes ago
A vulnerability classified as critical has been found in Fortra GoAnywhere MFT up to 7.8.3. Impacted is an unknown function of the component License Servlet. This manipulation causes command injection.
This vulnerability is tracked as CVE-2025-10035. The attack can be carried out remotely. Moreover, an exploit is present.
vuldb.com
Daily Dose of Dark Web Informer - 6th of October 2025
1 hour 53 minutes ago
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer
CVE-2024-40950 | Linux Kernel up to 6.9.6 split_huge_pages mapping_large_folio_support information disclosure (5df493a99fcf/6a50c9b512f7)
1 hour 55 minutes ago
A vulnerability described as problematic has been identified in Linux Kernel up to 6.9.6. This issue affects the function mapping_large_folio_support of the file /sys/kernel/debug/split_huge_pages. Such manipulation leads to information disclosure.
This vulnerability is referenced as CVE-2024-40950. The attack needs to be initiated within the local network. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2024-40975 | Linux Kernel up to 6.9.6 privilege escalation (f0c982853d66/3de0f2627ef8)
1 hour 55 minutes ago
A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.9.6. The impacted element is an unknown function. Executing manipulation can lead to privilege escalation.
This vulnerability is registered as CVE-2024-40975. The attack requires access to the local network. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2024-40985 | Linux Kernel up to 6.9.6 tcp_ao privilege escalation (ebaa7d3c2633/f9ae84890428)
1 hour 55 minutes ago
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.9.6. This issue affects some unknown processing of the component tcp_ao. The manipulation results in privilege escalation.
This vulnerability was named CVE-2024-40985. The attack must be initiated from within the local network. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2024-40990 | Linux Kernel up to 5.10.220/5.15.161/6.1.95/6.6.35/6.9.6 mlx5 max_sge privilege escalation (Nessus ID 207738)
1 hour 55 minutes ago
A vulnerability was found in Linux Kernel up to 5.10.220/5.15.161/6.1.95/6.6.35/6.9.6. It has been classified as problematic. The impacted element is the function max_sge of the component mlx5. Performing manipulation results in privilege escalation.
This vulnerability is identified as CVE-2024-40990. The attack can only be performed from the local network. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com